authorMartin Fuchs <trendchiller@users.noreply.github.com>2014-06-10 15:48:33 +0200
committerMartin Fuchs <trendchiller@users.noreply.github.com>2014-06-10 15:48:33 +0200
commit0ef20f92b5bea3d3487c249d515f905d09f859a7 (patch)
tree76101c20efe2f68b0f455070f1f077058e52868d /config/suricata
parentff5060af8732ef9bd55a95537f3705c7382e19e0 (diff)
parentb2bea6eac166ab17ed1e5776ea32d822f459a914 (diff)
Merge pull request #1 from pfsense/master
update fork
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata.inc9
-rw-r--r--config/suricata/suricata.xml2
-rw-r--r--config/suricata/suricata_alerts.php2
-rw-r--r--config/suricata/suricata_barnyard.php2
-rw-r--r--config/suricata/suricata_interfaces.php45
-rw-r--r--config/suricata/suricata_interfaces_edit.php55
-rw-r--r--config/suricata/suricata_logs_browser.php17
-rw-r--r--config/suricata/suricata_passlist_edit.php7
-rw-r--r--config/suricata/suricata_post_install.php6
-rw-r--r--config/suricata/suricata_suppress_edit.php7
-rw-r--r--config/suricata/suricata_uninstall.php7
-rw-r--r--config/suricata/suricata_yaml_template.inc2
12 files changed, 126 insertions, 35 deletions
diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc
index c767f2d0..89bb572f 100644
--- a/config/suricata/suricata.inc
+++ b/config/suricata/suricata.inc
@@ -60,7 +60,12 @@ define('SURICATA_PKG_VER', $suricata_package_version);
define('SURICATA_PF_TABLE', 'snort2c');
// Create some other useful defines
-define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/etc/suricata/');
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version >= 2.2)
+ define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/local/etc/suricata/');
+else
+ define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/etc/suricata/');
+
define('SURICATALOGDIR', '/var/log/suricata/');
define('RULES_UPD_LOGFILE', SURICATALOGDIR . 'suricata_rules_update.log');
define('ENFORCING_RULES_FILENAME', 'suricata.rules');
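Review bot: The version probe on the first added line cuts `/etc/version` to three characters and compares the string numerically, so a release with a two-digit minor would be truncated, and an unreadable file (`trim(false)` gives `""`, and `0 >= 2.2` is false) silently selects the pre-2.2 directory with no message. Read the whole string and let PHP compare versions: `$pf_version = trim(file_get_contents("/etc/version"));` then `if (version_compare($pf_version, '2.2', '>='))`. The same three-character probe is repeated in suricata_passlist_edit.php and suricata_suppress_edit.php in this diff; a single helper in this include would keep the three copies consistent. `$pf_version` also stays behind as a global in a file that every package page includes; a package-prefixed name or an `unset($pf_version)` after the `define` avoids clashing with a page-level variable of the same name.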
@@ -933,7 +938,7 @@ function suricata_build_sid_msg_map($rules_path, $sid_file) {
natcasesort($sidMap);
// Now print the result to the supplied file
- @file_put_contents($sid_file, "#v2\n# sid-msg.map file auto-generated by Snort.\n\n");
+ @file_put_contents($sid_file, "#v2\n# sid-msg.map file auto-generated by Suricata.\n\n");
@file_put_contents($sid_file, array_values($sidMap), FILE_APPEND);
}
diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml
index 1a64d619..a2acd49e 100644
--- a/config/suricata/suricata.xml
+++ b/config/suricata/suricata.xml
@@ -51,7 +51,7 @@
<description>Suricata IDS/IPS Package</description>
<requirements>None</requirements>
<name>suricata</name>
- <version>1.4.6 pkg v1.0</version>
+ <version>1.4.6 pkg v1.0.2</version>
<title>Services: Suricata IDS</title>
<include_file>/usr/local/pkg/suricata/suricata.inc</include_file>
<menu>
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 07e4eb1f..2f0f114f 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -410,7 +410,7 @@ if ($savemsg) {
<td width="78%" class="vtable">
<input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/>
&nbsp;<?php echo gettext('Refresh');?>&nbsp;&nbsp;<input name="arefresh" type="checkbox" value="on"
- <?php if ($config['installedpackages']['snortglobal']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/>
+ <?php if ($config['installedpackages']['suricata']['alertsblocks']['arefresh']=="on") echo "checked"; ?>/>
<?php printf(gettext('%sDefault%s is %sON%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>&nbsp;&nbsp;
<input name="alertnumber" type="text" class="formfld unknown" id="alertnumber" size="5" value="<?=htmlspecialchars($anentries);?>"/>
&nbsp;<?php printf(gettext('Enter number of log entries to view. %sDefault%s is %s250%s.'), '<strong>', '</strong>', '<strong>', '</strong>'); ?>
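Review bot: The replaced line still reads `$config['installedpackages']['suricata']['alertsblocks']['arefresh']` with no `isset()` guard, so an install that has never saved these settings raises an undefined-index notice on each page load; the commit only corrects the array key, the missing guard predates it. `<?php if (isset($config['installedpackages']['suricata']['alertsblocks']['arefresh']) && $config['installedpackages']['suricata']['alertsblocks']['arefresh'] == "on") echo "checked"; ?>/>` keeps the intended default of ON when the key is absent.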
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php
index d4afe4f4..c7488fe4 100644
--- a/config/suricata/suricata_barnyard.php
+++ b/config/suricata/suricata_barnyard.php
@@ -86,8 +86,6 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['barnyard_bro_ids_dport'] = "47760";
if (empty($a_nat[$id]['barnyard_sensor_id']))
$pconfig['barnyard_sensor_id'] = "0";
- if (empty($a_nat[$id]['barnyard_sensor_name']))
- $pconfig['barnyard_sensor_name'] = php_uname("n");
}
if ($_POST['save']) {
diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php
index 26d57b71..205a872b 100644
--- a/config/suricata/suricata_interfaces.php
+++ b/config/suricata/suricata_interfaces.php
@@ -57,6 +57,10 @@ if (!is_array($config['installedpackages']['suricata']['rule']))
$a_nat = &$config['installedpackages']['suricata']['rule'];
$id_gen = count($config['installedpackages']['suricata']['rule']);
+// Get list of configured firewall interfaces
+$ifaces = get_configured_interface_list();
+
+
if ($_POST['del_x']) {
/* delete selected interfaces */
if (is_array($_POST['rule'])) {
@@ -207,9 +211,22 @@ include_once("head.inc");
<th class="listhdrr"><?php echo gettext("Block"); ?></th>
<th class="listhdrr"><?php echo gettext("Barnyard2"); ?></th>
<th class="listhdr"><?php echo gettext("Description"); ?></th>
- <th class="list"><a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
- <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
- width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
+ <th class="list">
+ <?php if ($id_gen < count($ifaces)): ?>
+ <a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
+ <?php else: ?>
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0"
+ title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>">
+ <?php endif; ?>
+ <?php if ($id_gen == 0): ?>
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0">
+ <?php else: ?>
+ <input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
+ width="17" height="17" title="<?php echo gettext("Delete selected Suricata interface mapping(s)"); ?>"
+ onclick="return intf_del()">
+ <?php endif; ?>
</th>
</tr>
</thead>
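Review bot: The added `icon_x_d.gif` line carries a stray double quote, `width="17" height="17" " border="0">`, which leaves a malformed attribute in the emitted HTML; it is copied verbatim from the existing markup that appears as context in the last hunk of this file, so both places want the same fix: `<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" border="0">`. The `$id_gen < count($ifaces)` gate assumes each configured interface is mapped at most once, since `$id_gen` is the number of existing mappings (first hunk of this file); that holds for this page's add path but is worth a one-line comment next to the gate.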
@@ -342,7 +359,15 @@ include_once("head.inc");
<td valign="middle" class="list" nowrap>
<a href="suricata_interfaces_edit.php?id=<?=$i;?>">
<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?php echo gettext('Edit Suricata interface mapping'); ?>"></a>
+ width="17" height="17" border="0" title="<?php echo gettext('Edit this Suricata interface mapping'); ?>"></a>
+ <?php if ($id_gen < count($ifaces)): ?>
+ <a href="suricata_interfaces_edit.php?id=<?=$i;?>&action=dup">
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Add new interface mapping based on this one'); ?>"></a>
+ <?php else: ?>
+ <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0"
+ title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>">
+ <?php endif; ?>
</td>
</tr>
<?php $i++; $nnats++; endforeach; ob_end_flush(); ?>
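Review bot: The new duplicate link writes a raw `&` inside an `href` attribute, `suricata_interfaces_edit.php?id=<?=$i;?>&action=dup`; in HTML the separator inside an attribute value should be `&amp;action=dup`, which browsers decode back to `&` before the request is sent. The other new `href` values on this page carry only `id` and are unaffected.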
@@ -354,8 +379,16 @@ include_once("head.inc");
<?php else: ?>&nbsp;
<?php endif; ?>
</td>
- <td class="list" valign="middle" nowrap>
- <?php if ($nnats == 0): ?>
+ <td class="list">
+ <?php if ($id_gen < count($ifaces)): ?>
+ <a href="suricata_interfaces_edit.php?id=<?php echo $id_gen;?>">
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif"
+ width="17" height="17" border="0" title="<?php echo gettext('Add Suricata interface mapping');?>"></a>
+ <?php else: ?>
+ <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" width="17" height="17" border="0"
+ title="<?php echo gettext('No available interfaces for a new Suricata mapping');?>">
+ <?php endif; ?>
+ <?php if ($id_gen == 0): ?>
<img src="../themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" " border="0">
<?php else: ?>
<input name="del" type="image" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif"
diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php
index 3b61755c..dcf6fe3f 100644
--- a/config/suricata/suricata_interfaces_edit.php
+++ b/config/suricata/suricata_interfaces_edit.php
@@ -62,6 +62,13 @@ elseif (isset($_GET['id']) && is_numericint($_GET['id']));
if (is_null($id))
$id = 0;
+if (isset($_POST['action']))
+ $action = htmlspecialchars($_POST['action'], ENT_QUOTES | ENT_HTML401);
+elseif (isset($_GET['action']))
+ $action = htmlspecialchars($_GET['action'], ENT_QUOTES | ENT_HTML401);
+else
+ $action = "";
+
$pconfig = array();
if (empty($suricataglob['rule'][$id]['uuid'])) {
/* Adding new interface, so flag rules to build. */
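Review bot: `htmlspecialchars()` on the added lines escapes the request's `action` value for display but does not validate it; later in this diff the save path tests `$action == ''` (edit) and `strcasecmp($action, 'dup') == 0` (duplicate), so any other string with an existing `id` falls through to the "Adding new interface" branch instead of editing the entry. Normalise to the one accepted value right after the isset chain, e.g. `$action = (strcasecmp($action, 'dup') == 0) ? 'dup' : '';`, so both the control flow and the hidden `action` field added further down only ever see `'dup'` or the empty string.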
@@ -142,7 +149,37 @@ if (empty($pconfig['max_pcap_log_size']))
if (empty($pconfig['max_pcap_log_files']))
$pconfig['max_pcap_log_files'] = "1000";
-if ($_POST["save"]) {
+// See if creating a new interface by duplicating an existing one
+if (strcasecmp($action, 'dup') == 0) {
+
+ // Try to pick the next available physical interface to use
+ $ifaces = get_configured_interface_list();
+ $ifrules = array();
+ foreach($a_rule as $r)
+ $ifrules[] = $r['interface'];
+ foreach ($ifaces as $i) {
+ if (!in_array($i, $ifrules)) {
+ $pconfig['interface'] = $i;
+ $pconfig['enable'] = 'on';
+ $pconfig['descr'] = strtoupper($i);
+ $pconfig['inspect_recursion_limit'] = '3000';
+ break;
+ }
+ }
+ if (count($ifrules) == count($ifaces)) {
+ $input_errors[] = gettext("No more available interfaces to configure for Suricata!");
+ $interfaces = array();
+ $pconfig = array();
+ }
+
+ // Set Home Net, External Net, Suppress List and Pass List to defaults
+ unset($pconfig['suppresslistname']);
+ unset($pconfig['passlistname']);
+ unset($pconfig['homelistname']);
+ unset($pconfig['externallistname']);
+}
+
+if ($_POST["save"] && !$input_errors) {
// If the interface is not enabled, stop any running Suricata
// instance on it, save the new state and exit.
if (!isset($_POST['enable'])) {
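Review bot: The "no more available interfaces" test compares `count($ifrules)` with `count($ifaces)` rather than checking whether the preceding loop found a free interface, and the two can disagree: a rule that references an interface no longer in the configured list makes the counts equal while a free interface exists, and two rules on one interface make `$ifrules` longer than `$ifaces` so the `==` never fires. Record the loop's outcome instead — `$found = false;` before the loop, `$found = true; break;` inside it, and `if (!$found) {` for the error. `$interfaces = array();` inside that error block is not referenced anywhere in the hunk and looks like a leftover. `$input_errors` is read as `!$input_errors` on the last added line but its initialisation is outside this hunk; confirm it is an array before this block runs.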
@@ -237,7 +274,7 @@ if ($_POST["save"]) {
if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']);
$if_real = get_real_interface($natent['interface']);
- if (isset($id) && $a_rule[$id]) {
+ if (isset($id) && $a_rule[$id] && $action == '') {
// See if moving an existing Suricata instance to another physical interface
if ($natent['interface'] != $a_rule[$id]['interface']) {
$oif_real = get_real_interface($a_rule[$id]['interface']);
@@ -253,7 +290,15 @@ if ($_POST["save"]) {
conf_mount_ro();
}
$a_rule[$id] = $natent;
- } else {
+ }
+ elseif (strcasecmp($action, 'dup') == 0) {
+ // Duplicating a new interface, so set flag to build new rules
+ $rebuild_rules = true;
+
+ // Add the new duplicated interface configuration to the [rule] array in config
+ $a_rule[] = $natent;
+ }
+ else {
// Adding new interface, so set interface configuration parameter defaults
$natent['ip_max_frags'] = "65535";
$natent['ip_frag_timeout'] = "60";
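Review bot: In the new `dup` branch `$a_rule[] = $natent` appends an entry whose fields were loaded from the source mapping at `$id`; where `$natent['uuid']` is assigned is outside this hunk, and if it is carried over from `$a_rule[$id]` the duplicate shares the source's uuid, which the per-instance log directory `suricata_{$if_real}{$suricata_uuid}` seen in suricata_logs_browser.php in this diff is keyed on. Please confirm the dup path generates a fresh uuid, or set one here before the push using the same call the add path uses. The per-interface defaults in the `else` branch (`ip_max_frags` and following) are also skipped on the dup path, which is fine only if every one of them is copied from the source entry through `$pconfig`; a comment stating that would save the next reader the check.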
@@ -358,6 +403,9 @@ if ($savemsg) {
?>
<form action="suricata_interfaces_edit.php<?php echo "?id=$id";?>" method="post" name="iform" id="iform">
+<input name="id" type="hidden" value="<?=$id;?>"/>
+<input name="action" type="hidden" value="<?=$action;?>"/>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -773,7 +821,6 @@ if ($savemsg) {
<tr>
<td colspan="2" align="center" valign="middle"><input name="save" type="submit" class="formbtn" value="Save" title="<?php echo
gettext("Click to save settings and exit"); ?>"/>
- <input name="id" type="hidden" value="<?=$id;?>"/>
</td>
</tr>
<tr>
diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php
index 04edf373..cbe5ee7b 100644
--- a/config/suricata/suricata_logs_browser.php
+++ b/config/suricata/suricata_logs_browser.php
@@ -55,21 +55,22 @@ $suricata_uuid = $a_instance[$instanceid]['uuid'];
$if_real = get_real_interface($a_instance[$instanceid]['interface']);
// Construct a pointer to the instance's logging subdirectory
-$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
+$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}/";
-$logfile = $_POST['file'];
+// Limit all file access to just the currently selected interface's logging subdirectory
+$logfile = htmlspecialchars($suricatalogdir . basename($_POST['file']));
if ($_POST['action'] == 'load') {
- if(!is_file($_POST['file'])) {
+ if(!is_file($logfile)) {
echo "|3|" . gettext("Log file does not exist or that logging feature is not enabled") . ".|";
}
else {
- $data = file_get_contents($_POST['file']);
+ $data = file_get_contents($logfile);
if($data === false) {
echo "|1|" . gettext("Failed to read log file") . ".|";
} else {
$data = base64_encode($data);
- echo "|0|{$_POST['file']}|{$data}|";
+ echo "|0|{$logfile}|{$data}|";
}
}
exit;
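Review bot: `htmlspecialchars()` is applied to the filesystem path that `is_file()` and `file_get_contents()` then open, so a log name containing `&`, `<`, `>`, `"` or `'` is rewritten before the lookup and reported as missing; escaping belongs at the output point, not on the path. Keep `$logfile = $suricatalogdir . basename($_POST['file']);` and escape only when echoing: `echo "|0|" . htmlspecialchars($logfile) . "|{$data}|";`. `basename()` on an unset `$_POST['file']` also emits a notice on the first page load; `isset($_POST['file']) ? basename($_POST['file']) : ''` keeps that quiet. The `basename()` confinement to the instance's directory is the right fix; `$suricatalogdir` itself is built from `$instanceid` above this hunk, so the index validation there is what keeps the directory in bounds.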
@@ -101,7 +102,7 @@ if ($input_errors) {
jQuery.ajax(
"<?=$_SERVER['SCRIPT_NAME'];?>", {
type: 'POST',
- data: "action=load&file=" + jQuery("#logFile").val(),
+ data: "instance=" + jQuery("#instance").val() + "&action=load&file=" + jQuery("#logFile").val(),
complete: loadComplete
}
);
@@ -180,7 +181,7 @@ if ($input_errors) {
$selected = "";
if ($log == basename($logfile))
$selected = "selected";
- echo "<option value='{$suricatalogdir}/{$log}' {$selected}>" . $log . "</option>\n";
+ echo "<option value='{$suricatalogdir}{$log}' {$selected}>" . $log . "</option>\n";
}
?>
</select>&nbsp;&nbsp;<?php echo gettext('Choose which log you want to view.'); ?>
@@ -222,7 +223,7 @@ if ($input_errors) {
</table>
</form>
-<?php if(empty($logfile)): ?>
+<?php if(empty($_POST['file'])): ?>
<script type="text/javascript">
document.getElementById("logFile").selectedIndex=-1;
</script>
diff --git a/config/suricata/suricata_passlist_edit.php b/config/suricata/suricata_passlist_edit.php
index 35c7b66e..437ae9a8 100644
--- a/config/suricata/suricata_passlist_edit.php
+++ b/config/suricata/suricata_passlist_edit.php
@@ -114,7 +114,12 @@ if ($_POST['save']) {
/* input validation */
$reqdfields = explode(" ", "name");
$reqdfieldsn = explode(",", "Name");
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+ if ($pf_version < 2.1)
+ $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;');
+ else
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if(strtolower($_POST['name']) == "defaultpasslist")
$input_errors[] = gettext("Pass List file names may not be named defaultpasslist.");
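Review bot: The string `eval` on the pre-2.1 branch exists only to keep the call-time `&$input_errors` away from the parser on builds that reject it; the string holds no request data, so it is not an injection path, but on a parse error `eval()` returns `FALSE` and that is what lands in `$input_errors`, discarding any errors collected before this point. The same block, including the `/etc/version` probe, is duplicated in suricata_suppress_edit.php in this diff; move it into one helper in suricata.inc, for example `suricata_do_input_validation($post, $reqdfields, $reqdfieldsn, &$input_errors)`, that performs the version branch once, so the workaround and its eventual removal live in a single place. `$pf_version < 2.1` compares a three-character string numerically — see the note on the suricata.inc hunk.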
diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php
index c44b392f..eb193d58 100644
--- a/config/suricata/suricata_post_install.php
+++ b/config/suricata/suricata_post_install.php
@@ -60,14 +60,14 @@ if(is_process_running("suricata")) {
killbyname("suricata");
sleep(2);
// Delete any leftover suricata PID files in /var/run
- unlink_if_exists("/var/run/suricata_*.pid");
+ unlink_if_exists("{$g['varrun_path']}/suricata_*.pid");
}
// Hard kill any running Barnyard2 processes
if(is_process_running("barnyard")) {
killbyname("barnyard2");
sleep(2);
// Delete any leftover barnyard2 PID files in /var/run
- unlink_if_exists("/var/run/barnyard2_*.pid");
+ unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid");
}
// Set flag for post-install in progress
@@ -148,7 +148,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] =
}
// Update Suricata package version in configuration
-$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v1.0.1";
+$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v1.0.2";
write_config();
// Done with post-install, so clear flag
diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php
index a46e9e99..d4549e56 100644
--- a/config/suricata/suricata_suppress_edit.php
+++ b/config/suricata/suricata_suppress_edit.php
@@ -88,7 +88,12 @@ if ($_POST['save']) {
$reqdfields = explode(" ", "name");
$reqdfieldsn = array("Name");
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+ if ($pf_version < 2.1)
+ $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;');
+ else
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if(strtolower($_POST['name']) == "defaultwhitelist")
$input_errors[] = "Whitelist file names may not be named defaultwhitelist.";
diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php
index 2317578e..2a82e473 100644
--- a/config/suricata/suricata_uninstall.php
+++ b/config/suricata/suricata_uninstall.php
@@ -58,7 +58,7 @@ killbyname("suricata");
sleep(1);
// Delete any leftover suricata PID files in /var/run
-array_map('@unlink', glob("/var/run/suricata_*.pid"));
+unlink_if_exists("{$g['varrun_path']}/suricata_*.pid");
/* Make sure all active Barnyard2 processes are terminated */
/* Log a message only if a running process is detected */
@@ -68,10 +68,7 @@ killbyname("barnyard2");
sleep(1);
// Delete any leftover barnyard2 PID files in /var/run
-array_map('@unlink', glob("/var/run/barnyard2_*.pid"));
-
-/* Remove the suricata user and group */
-mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true);
+unlink_if_exists("{$g['varrun_path']}/barnyard2_*.pid");
/* Remove the Suricata cron jobs. */
install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php", false);
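Review bot: The `pw userdel`/`pw groupdel` step is dropped from uninstall without a comment, so the next maintainer cannot tell whether leaving the `suricata` user and group behind is deliberate or an oversight; a one-line comment where the lines were, of the form `/* suricata user/group intentionally left in place: <reason> */` with the actual reason filled in, records the decision. The replacement `unlink_if_exists()` call relies on that helper expanding the glob pattern that `glob()` handled before; the post-install file in this diff makes the same assumption, so confirm it once and the whole commit is covered.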
diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc
index c20ca8db..44fd1d5f 100644
--- a/config/suricata/suricata_yaml_template.inc
+++ b/config/suricata/suricata_yaml_template.inc
@@ -29,7 +29,7 @@ default-log-dir: {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}
# Configure the type of alert (and other) logging.
outputs:
- # alert_pf blocking plugin
+ # alert-pf blocking plugin
- alert-pf:
enabled: {$suri_blockoffenders}
kill-state: {$suri_killstates}